1. Field of Invention
The present invention relates to encryption and more particularly to packet encryption in a wireless network.
2. Description of Related Art
Wireless systems include communications, monitoring, and control systems in which electromagnetic or acoustic waves carry a signal through atmospheric space rather than along a wire. In most wireless systems radio-frequency (RF) or infrared (IR) waves are used.
Common examples of wireless equipment in use today include the Global Positioning System (GPS), cellular phones and pagers, cordless computer accessories, home-entertainment-systems control boxes, remote garage door openers, two-way radios, and baby monitors. In particular, wireless local area networks (WLANs) are becoming increasingly popular.
The 802.11 standard for WLANs is a popular standard developed by the Institute of Electrical and Electronics Engineers (IEEE). The objective of such a standard is to tailor a standardized model of operation to resolve compatibility issues between manufacturers of WLAN equipment. The standard provides for one IR-based layer and two RF-based layers for data transmission: direct-sequence spread spectrum (DSSS) and frequency-hopping spread spectrum (FHSS).
FIG. 4 is a diagram illustrating a wireless local area network (WLAN) 60 that includes three access points 62a, 62b, 62c that act as fixed base stations for carrying out communications with mobile units in the network 60. Each of the access points 62a–62c has an associated circle or sphere of operation 64a, 64b, 64c that represents a physical range for data transmissions from that access point. A first station 66 acts as a mobile unit that traverses a path 68 so that over time, the first station 66 moves sequentially through the circles of operation 64a, 64b, 64c respectively corresponding to the first access point 62a, the second access point 62b, and the third access point 62c. Then, for example, as the first station 66 moves from the first circle of operation 64a to the second circle of operation 64b, communications of the first station 66 in the network 60 must transition from the first access point 62a to the second access point 62b.
Issues related to security and, in particular, encryption have become increasingly important in wireless communication, mainly because of the sensitivity of the transmitted data. Encryption is the process of converting data into a form, called ciphertext, that cannot be easily understood by unauthorized individuals. Decryption is the process of converting encrypted data back into its original form so that it can be understood.
The complementary processes of encryption and decryption are based on the use of one or more keys associated with the source or destination of the data. In order to easily recover the contents of an encrypted signal, the correct decryption key is required, where this key determines an algorithm that reverses the work of the encryption algorithm. Typically in a WLAN there is an encryption key and a decryption key associated with each user such as the first station 66.
Encryption and decryption are also important in wireless communications because wireless circuits are relatively easy to tap when compared with their hard-wired counterparts. For example, with reference to FIG. 4, when the first station 66 is physically in the first circle of operation 64a, then the first access point 62a transmits signals intended for the first station 66. However, other stations (not shown) may also be physically in the first circle of operation 64a and therefore able to receive the signals intended for the first station 66. Therefore, signals sent by the access points 62a–62c to the first station 66 must be encrypted in order to prevent unauthorized eavesdropping by other stations. Likewise, the access points 62a–62c must decrypt the signals sent by the first station 66 for receipt by one of the access points 62a–62c in the network.
As the first station 66 moves through the network 60, key management is essential for the access points 62a–62c that potentially must encrypt and decrypt signals associated with many users (i.e., stations 66), where unique keys are associated with each user. In a conventional WLAN network, all keys are typically kept in active memory at the access points 62a–62c, thus limiting the maximum number of users that can be supported adequately and simultaneously in the network. Because of the potentially large number of users in the network 60, a substantial burden on the system resources of the access points 62a–62c may result from storing all keys in active memory, that is, memory that is accessible very quickly and efficiently by the networking unit. On the other hand, storage of keys in system memory that is relatively slow to access is typically unacceptable for the speeds needed for real-time wireless communication. As the number of users and the bandwidth requirements increase for WLANs, efficient key management at the access points 62a–62c is crucial for system performance. The first station 66 may also need to carry out operations related to key management although typically on a smaller scale. The station 66 must adapt transmissions according to its path 68 through the network 60 so that different access points 62a–62c are used at different times. Additionally, the station 66 may need to associate multiple keys with multiple users of the station 66 although in the typical operational setting a single key may be used for the station 66.
In view of the above, there is a need for a key management system that provides performance that is superior to conventional methods and devices.